diff options
author | Dr. Stephen Henson <steve@openssl.org> | 1999-12-29 00:40:28 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 1999-12-29 00:40:28 +0000 |
commit | 6447cce37251e6d947279a3fd6874e59ed0d3d2d (patch) | |
tree | ad2355f136234f3ee11a66556429b66a9ae65a22 /apps/x509.c | |
parent | 76997b7dd0011e23fb5ed3a49aa693b1fc33bfb6 (diff) | |
download | openssl-6447cce37251e6d947279a3fd6874e59ed0d3d2d.tar.gz |
Simplify the trust structure: basically zap the bit strings and
represent everything by OIDs.
Diffstat (limited to 'apps/x509.c')
-rw-r--r-- | apps/x509.c | 49 |
1 files changed, 21 insertions, 28 deletions
diff --git a/apps/x509.c b/apps/x509.c index 797ee39c7e..04cae31481 100644 --- a/apps/x509.c +++ b/apps/x509.c @@ -146,15 +146,16 @@ int MAIN(int argc, char **argv) int ret=1; X509_REQ *req=NULL; X509 *x=NULL,*xca=NULL; + ASN1_OBJECT *objtmp; EVP_PKEY *Upkey=NULL,*CApkey=NULL; int i,num,badops=0; BIO *out=NULL; BIO *STDout=NULL; - STACK *trust = NULL, *reject = NULL; + STACK_OF(ASN1_OBJECT) *trust = NULL, *reject = NULL; int informat,outformat,keyformat,CAformat,CAkeyformat; char *infile=NULL,*outfile=NULL,*keyfile=NULL,*CAfile=NULL; char *CAkeyfile=NULL,*CAserial=NULL; - char *alias=NULL, *trstr=NULL; + char *alias=NULL; int text=0,serial=0,hash=0,subject=0,issuer=0,startdate=0,enddate=0; int noout=0,sign_flag=0,CA_flag=0,CA_createserial=0; int trustout=0,clrtrust=0,clrreject=0,aliasout=0; @@ -297,27 +298,25 @@ int MAIN(int argc, char **argv) else if (strcmp(*argv,"-addtrust") == 0) { if (--argc < 1) goto bad; - trstr= *(++argv); - if(!X509_trust_set_bit_asc(NULL, trstr, 0)) { + if(!(objtmp = OBJ_txt2obj(*(++argv), 0))) { BIO_printf(bio_err, - "Unknown trust value %s\n", trstr); + "Invalid trust object value %s\n", *argv); goto bad; } - if(!trust) trust = sk_new_null(); - sk_push(trust, trstr); + if(!trust) trust = sk_ASN1_OBJECT_new_null(); + sk_ASN1_OBJECT_push(trust, objtmp); trustout = 1; } else if (strcmp(*argv,"-addreject") == 0) { if (--argc < 1) goto bad; - trstr= *(++argv); - if(!X509_reject_set_bit_asc(NULL, trstr, 0)) { + if(!(objtmp = OBJ_txt2obj(*(++argv), 0))) { BIO_printf(bio_err, - "Unknown trust value %s\n", trstr); + "Invalid reject object value %s\n", *argv); goto bad; } - if(!reject) reject = sk_new_null(); - sk_push(reject, trstr); + if(!reject) reject = sk_ASN1_OBJECT_new_null(); + sk_ASN1_OBJECT_push(reject, objtmp); trustout = 1; } else if (strcmp(*argv,"-setalias") == 0) @@ -521,15 +520,9 @@ bad: X509_gmtime_adj(X509_get_notBefore(x),0); X509_gmtime_adj(X509_get_notAfter(x),(long)60*60*24*days); -#if 0 - X509_PUBKEY_free(ci->key); - ci->key=req->req_info->pubkey; - req->req_info->pubkey=NULL; -#else pkey = X509_REQ_get_pubkey(req); X509_set_pubkey(x,pkey); EVP_PKEY_free(pkey); -#endif } else x=load_cert(infile,informat); @@ -566,23 +559,21 @@ bad: if(alias) X509_alias_set(x, (unsigned char *)alias, -1); - if(clrtrust) X509_trust_set_bit(x, -1, 0); - if(clrreject) X509_reject_set_bit(x, -1, 0); + if(clrtrust) X509_trust_clear(x); + if(clrreject) X509_reject_clear(x); if(trust) { - for(i = 0; i < sk_num(trust); i++) { - trstr = sk_value(trust, i); - X509_trust_set_bit_asc(x, trstr, 1); + for(i = 0; i < sk_ASN1_OBJECT_num(trust); i++) { + objtmp = sk_ASN1_OBJECT_value(trust, i); + X509_radd_trust_object(x, objtmp); } - sk_free(trust); } if(reject) { - for(i = 0; i < sk_num(reject); i++) { - trstr = sk_value(reject, i); - X509_reject_set_bit_asc(x, trstr, 1); + for(i = 0; i < sk_ASN1_OBJECT_num(reject); i++) { + objtmp = sk_ASN1_OBJECT_value(reject, i); + X509_radd_reject_object(x, objtmp); } - sk_free(reject); } if (num) @@ -887,6 +878,8 @@ end: EVP_PKEY_free(Upkey); EVP_PKEY_free(CApkey); X509_REQ_free(rq); + sk_ASN1_OBJECT_pop_free(trust, ASN1_OBJECT_free); + sk_ASN1_OBJECT_pop_free(reject, ASN1_OBJECT_free); EXIT(ret); } |